Skip to main content

HP

651 CVEs vendor

Monthly

CVE-2013-4832 MEDIUM This Month

HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-4831 MEDIUM This Month

HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager
NVD
CVSS 2.0
5.5
EPSS
0.2%
CVE-2013-4830 HIGH This Week

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection HP RCE Service Manager
NVD
CVSS 2.0
7.5
EPSS
6.7%
CVE-2013-4827 HIGH This Week

SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Imc Service Operation Management Software Module Intelligent Management Center
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-4826 MEDIUM POC THREAT This Month

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.2%.

Information Disclosure HP Imc Service Operation Management Software Module Intelligent Management Center
NVD
CVSS 2.0
5.0
EPSS
77.2%
Threat
4.8
CVE-2013-4825 HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP Imc Service Operation Management Software Module Intelligent Management Center
NVD
CVSS 2.0
7.5
EPSS
0.4%
CVE-2013-4824 HIGH POC THREAT Act Now

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.7%.

HP Authentication Bypass Imc Service Operation Management Software Module Intelligent Management Center
NVD
CVSS 2.0
7.5
EPSS
77.7%
Threat
5.3
CVE-2013-4823 MEDIUM POC THREAT This Month

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.2%.

Information Disclosure HP Intelligent Management Center Imc Branch Intelligent Management System Software Module
NVD
CVSS 2.0
5.0
EPSS
77.2%
Threat
4.8
CVE-2013-4822 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.1%.

HP RCE Imc Branch Intelligent Management System Software Module Intelligent Management Center
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
74.1%
Threat
5.7
CVE-2013-4804 CRITICAL Act Now

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Business Process Monitor
NVD
CVSS 2.0
10.0
EPSS
9.9%
CVE-2013-2366 CRITICAL Act Now

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Business Process Monitor
NVD
CVSS 2.0
10.0
EPSS
9.9%
CVE-2013-4829 LOW Monitor

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow. Rated low severity (CVSS 1.5). No vendor patch available.

Information Disclosure HP Color Laserjet Cm4540 Color Laserjet Cm4540F Color Laserjet Cm4540Fskm +17
NVD
CVSS 2.0
1.5
EPSS
0.1%
CVE-2013-4828 MEDIUM This Month

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Color Laserjet Cm4540 Color Laserjet Cm4540F Color Laserjet Cm4540Fskm +17
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4821 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.3%
CVE-2013-4820 LOW Monitor

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Java HP Information Disclosure Icewall Smart Device Option Icewall Sso Agent +5
NVD
CVSS 2.0
2.1
EPSS
0.2%
CVE-2013-4819 LOW Monitor

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Icewall Sso Agent Option
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-4818 MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Smart Device Option Icewall File Manager Icewall Sso Agent +1
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4817 MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Sso Agent Option
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-4814 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Xp 9000 Command View
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-4325 MEDIUM This Month

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation HP Linux Imaging And Printing Project
NVD
CVSS 2.0
6.9
EPSS
0.1%
CVE-2013-4815 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Arcsight Enterprise Security Manager
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-4813 CRITICAL Act Now

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection HP RCE Identity Driven Manager Procurve Manager
NVD
CVSS 2.0
10.0
EPSS
6.4%
CVE-2013-4811 CRITICAL POC THREAT Emergency

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

HP RCE Identity Driven Manager Procurve Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.5%
Threat
6.0
CVE-2013-4812 CRITICAL POC THREAT Emergency

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.0%.

HP RCE Identity Driven Manager Procurve Manager
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
74.0%
Threat
5.7
CVE-2013-4810 CRITICAL POC KEV THREAT Emergency

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

HP Code Injection RCE
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
89.6%
Threat
7.6
CVE-2013-4809 HIGH This Week

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Identity Driven Manager Procurve Manager
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2013-2353 HIGH This Week

Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Storeonce D2D
NVD
CVSS 2.0
7.8
EPSS
1.4%
CVE-2013-4808 CRITICAL Act Now

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Center Service Manager
NVD
CVSS 2.0
10.0
EPSS
4.2%
CVE-2013-4806 HIGH This Week

The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service HP 3Com Router 5500 24G 4Sfp Hi Switch With 2 Interface Slots 5500 24G Poe Ei Switch +14
NVD
CVSS 2.0
7.0
EPSS
0.2%
CVE-2013-4807 HIGH This Week

Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Laserjet Pro Cp1025Nw Firmware Laserjet Pro M1214Nfh Mfp Firmware Laserjet Pro P1606Dn Firmware +6
NVD
CVSS 2.0
7.8
EPSS
1.5%
CVE-2013-4805 CRITICAL Act Now

Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Integrated Lights Out Firmware
NVD
CVSS 2.0
9.0
EPSS
0.6%
CVE-2013-2367 CRITICAL POC THREAT Emergency

Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.8%.

HP RCE Sitescope
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.8%
Threat
6.0
CVE-2013-4801 HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2013-4800 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.4%.

HP RCE Loadrunner
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
71.4%
Threat
5.5
CVE-2013-4799 HIGH Act Now

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 29.2% and no vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.6
EPSS
29.2%
CVE-2013-4798 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.2%.

HP RCE Loadrunner
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
83.2%
Threat
6.0
CVE-2013-4797 HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.5
EPSS
7.6%
CVE-2013-2370 HIGH POC THREAT Act Now

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.0%.

HP RCE Loadrunner
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
82.0%
Threat
5.5
CVE-2013-2369 HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
CVSS 2.0
7.5
EPSS
5.9%
CVE-2013-2368 MEDIUM This Month

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Loadrunner
NVD
CVSS 2.0
5.0
EPSS
2.4%
CVE-2013-4802 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Application Lifecycle Management
NVD
CVSS 2.0
4.3
EPSS
0.8%
CVE-2013-2365 HIGH This Week

HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.9). No vendor patch available.

Information Disclosure HP Database And Middleware Automation
NVD
CVSS 2.0
7.9
EPSS
0.3%
CVE-2013-2364 LOW Monitor

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2363 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-2362 LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2361 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2360 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2359 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2358 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2357 MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
CVSS 2.0
4.0
EPSS
0.2%
CVE-2013-2356 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-2355 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2012-5217 MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
CVSS 2.0
5.0
EPSS
0.4%
CVE-2013-2351 HIGH This Week

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Network Node Manager I
NVD
CVSS 2.0
7.5
EPSS
1.1%
CVE-2013-2352 CRITICAL Act Now

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass San Iq
NVD
CVSS 2.0
9.4
EPSS
2.3%
CVE-2013-4784 CRITICAL Emergency

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 50.7% and no vendor patch available.

HP Authentication Bypass Integrated Lights Out Bmc
NVD
CVSS 2.0
10.0
EPSS
50.7%
CVE-2013-2341 HIGH This Week

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

HP RCE 3Com Baseline Plus Switch 3Com Router 3Com Switch +12
NVD
CVSS 2.0
7.1
EPSS
0.6%
CVE-2013-2340 CRITICAL Act Now

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.5% and no vendor patch available.

HP RCE 3Com Baseline Plus Switch 3Com Router 3Com Switch +12
NVD
CVSS 2.0
10.0
EPSS
18.5%
CVE-2013-2343 CRITICAL POC THREAT Emergency

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

HP RCE Lefthand P4000 Virtual San Appliance Lefthand Virtual San Appliance Hydra Lefthand Virtual San Appliance Hydra Software
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
75.6%
Threat
5.8
CVE-2013-2342 HIGH This Week

The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

HP Authentication Bypass Storeonce D2D
NVD
CVSS 2.0
7.7
EPSS
0.1%
CVE-2013-2339 MEDIUM This Month

HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Smart Zero Core
NVD
CVSS 2.0
4.6
EPSS
0.1%
CVE-2013-2323 MEDIUM This Month

HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation HP Nonstop Sql Mx
NVD
CVSS 2.0
6.0
EPSS
0.2%
CVE-2013-2322 LOW Monitor

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Nonstop Sql Mx
NVD
CVSS 2.0
3.5
EPSS
0.2%
CVE-2013-2338 CRITICAL Act Now

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

HP RCE Integrated Lights Out 3 Firmware Integrated Lights Out 4 Firmware
NVD
CVSS 2.0
10.0
EPSS
22.2%
CVE-2013-3576 CRITICAL POC THREAT Emergency

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.3%.

PHP Command Injection HP System Management Homepage
NVD Exploit-DB
CVSS 2.0
9.0
EPSS
46.3%
Threat
4.7
CVE-2013-2337 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Service Manager Service Center
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2013-2336 MEDIUM This Month

HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager Service Center
NVD
CVSS 2.0
5.0
EPSS
0.7%
CVE-2013-3575 MEDIUM POC THREAT This Month

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.

PHP Information Disclosure HP Insight Diagnostics
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
25.0%
CVE-2013-3574 HIGH POC THREAT Act Now

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

PHP Path Traversal HP Insight Diagnostics
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
23.0%
CVE-2013-3573 CRITICAL Act Now

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection HP Insight Diagnostics
NVD
CVSS 2.0
10.0
EPSS
1.1%
CVE-2013-2147 LOW Monitor

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux HP Information Disclosure Linux Kernel Linux Enterprise Server
NVD
CVSS 2.0
2.1
EPSS
0.1%
CVE-2013-2335 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2334 CRITICAL Emergency

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.7% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
38.7%
CVE-2013-2333 CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.2%.

HP RCE Storage Data Protector
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
82.2%
Threat
6.0
CVE-2013-2332 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2331 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2330 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2329 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2328 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2327 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2326 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2325 CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
20.8%
CVE-2013-2324 CRITICAL Emergency

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.3% and no vendor patch available.

HP RCE Storage Data Protector
NVD
CVSS 2.0
10.0
EPSS
38.3%
CVE-2013-2321 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Service Manager Web Tier
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5222 MEDIUM This Month

HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager Web Tier
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2012-5221 MEDIUM This Month

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Color Laserjet 3000 Color Laserjet 3800 Color Laserjet 4700 +34
NVD
CVSS 2.0
5.0
EPSS
2.1%
CVE-2012-5219 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Managed Printing Administration
NVD
CVSS 2.0
4.3
EPSS
0.6%
CVE-2012-5220 HIGH This Week

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure HP Storage Data Protector
NVD
CVSS 2.0
7.2
EPSS
0.1%
CVE-2013-0543 MEDIUM This Month

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM HP Authentication Bypass Websphere Application Server
NVD
CVSS 2.0
6.8
EPSS
0.3%
CVE-2012-5218 HIGH This Week

HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Elitepad
NVD
CVSS 2.0
7.2
EPSS
0.1%
EPSS 0% CVSS 4.0
MEDIUM This Month

HP Service Manager 9.30 through 9.32 allows remote authenticated users to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

HP Service Manager 9.30 through 9.32 does not properly manage privileges, which allows remote authenticated users to obtain sensitive information or modify data via unspecified vectors. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager
NVD
EPSS 7% CVSS 7.5
HIGH This Week

HP Service Manager 9.30 through 9.32 allows remote attackers to execute arbitrary code via an unspecified "injection" approach. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection HP RCE +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SQL injection vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to execute arbitrary SQL commands via unspecified. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Imc Service Operation Management Software Module +1
NVD
EPSS 77% 4.8 CVSS 5.0
MEDIUM POC THREAT This Month

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to obtain sensitive information via unknown. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.2%.

Information Disclosure HP Imc Service Operation Management Software Module +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass intended access restrictions via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP Imc Service Operation Management Software Module +1
NVD
EPSS 78% 5.3 CVSS 7.5
HIGH POC THREAT Act Now

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module allows remote attackers to bypass authentication via unknown vectors, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.7%.

HP Authentication Bypass Imc Service Operation Management Software Module +1
NVD
EPSS 77% 4.8 CVSS 5.0
MEDIUM POC THREAT This Month

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 77.2%.

Information Disclosure HP Intelligent Management Center +1
NVD
EPSS 74% 5.7 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.1%.

HP RCE Imc Branch Intelligent Management System Software Module +1
NVD Exploit-DB
EPSS 10% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Business Process Monitor
NVD
EPSS 10% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors, aka. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Business Process Monitor
NVD
EPSS 0% CVSS 1.5
LOW Monitor

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices allow. Rated low severity (CVSS 1.5). No vendor patch available.

Information Disclosure HP Color Laserjet Cm4540 +19
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet Enterprise color flow MFP M575c; Color LaserJet CM4540, M575, and M775; and ScanJet Enterprise 8500fn1 FutureSmart devices do not. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Color Laserjet Cm4540 +19
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable. No vendor patch available.

Java HP Information Disclosure +7
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Icewall Sso Agent Option
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option 10.0, and IceWall File Manager 3.0 through SP4 allows remote. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Smart Device Option +3
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote attackers to obtain sensitive information via unknown vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Icewall Sso Agent Option
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View Advanced Edition Suite Software 7.x before 7.5.0-02 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Xp 9000 Command View
NVD
EPSS 0% CVSS 6.9
MEDIUM This Month

The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local. Rated medium severity (CVSS 6.9). No vendor patch available.

Privilege Escalation HP Linux Imaging And Printing Project
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in the web interface in HP ArcSight Enterprise Security Manager (ESM) before 5.5 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Arcsight Enterprise Security Manager
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection HP RCE +2
NVD
EPSS 84% 6.0 CVSS 10.0
CRITICAL POC THREAT Emergency

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.5%.

HP RCE Identity Driven Manager +1
NVD Exploit-DB
EPSS 74% 5.7 CVSS 10.0
CRITICAL POC THREAT Emergency

UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.0%.

HP RCE Identity Driven Manager +1
NVD Exploit-DB
EPSS 90% 7.6 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

HP Code Injection RCE
NVD Exploit-DB VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Multiple SQL injection vulnerabilities in GetEventsServlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allow remote attackers to execute. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi HP Identity Driven Manager +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before 1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial of service via unknown vectors. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Storeonce D2D
NVD
EPSS 4% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Center +1
NVD
EPSS 0% CVSS 7.0
HIGH This Week

The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable. No vendor patch available.

Denial Of Service HP 3Com Router +16
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP, M1218nfs MFP, and CP1025nw with firmware before 2013-07-26. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Laserjet Pro Cp1025Nw Firmware +8
NVD
EPSS 1% CVSS 9.0
CRITICAL Act Now

Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass Integrated Lights Out Firmware
NVD
EPSS 84% 6.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.8%.

HP RCE Sitescope
NVD Exploit-DB
EPSS 8% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1736. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
EPSS 71% 5.5 CVSS 9.3
CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 71.4%.

HP RCE Loadrunner
NVD Exploit-DB
EPSS 29% CVSS 7.6
HIGH Act Now

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1734. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Epss exploitation probability 29.2% and no vendor patch available.

HP RCE Loadrunner
NVD
EPSS 83% 6.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 83.2%.

HP RCE Loadrunner
NVD Exploit-DB
EPSS 8% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1690. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
EPSS 82% 5.5 CVSS 7.5
HIGH POC THREAT Act Now

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1671. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.0%.

HP RCE Loadrunner
NVD Exploit-DB
EPSS 6% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1670. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP RCE Loadrunner
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Loadrunner
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Application Lifecycle Management (ALM) Quality Center before 11.51 allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Application Lifecycle Management
NVD
EPSS 0% CVSS 7.9
HIGH This Week

HP Database and Middleware Automation (DMA) 10.x before 10.10, when SSL is used, allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.9). No vendor patch available.

Information Disclosure HP Database And Middleware Automation
NVD
EPSS 0% CVSS 3.5
LOW Monitor

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2356. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 2.1
LOW Monitor

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows local users to cause a denial of service via unknown vectors, aka ZDI-CAN-1676. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than. Rated medium severity (CVSS 4.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP System Management Homepage
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2013-2363. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP System Management Homepage
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
EPSS 0% CVSS 5.0
MEDIUM This Month

HP System Management Homepage (SMH) before 7.2.1 allows remote attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation HP System Management Homepage
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, 9.1x, and 9.2x allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via unknown. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service HP Network Node Manager I
NVD
EPSS 2% CVSS 9.4
CRITICAL Act Now

LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

HP Authentication Bypass San Iq
NVD
EPSS 51% CVSS 10.0
CRITICAL Emergency

The HP Integrated Lights-Out (iLO) BMC implementation allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 50.7% and no vendor patch available.

HP Authentication Bypass Integrated Lights Out Bmc
NVD
EPSS 1% CVSS 7.1
HIGH This Week

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

HP RCE 3Com Baseline Plus Switch +14
NVD
EPSS 19% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 18.5% and no vendor patch available.

HP RCE 3Com Baseline Plus Switch +14
NVD
EPSS 76% 5.8 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 75.6%.

HP RCE Lefthand P4000 Virtual San Appliance +2
NVD Exploit-DB
EPSS 0% CVSS 7.7
HIGH This Week

The HP StoreOnce D2D backup system with software before 3.0.0 has a default password of badg3r5 for the HPSupport account, which allows remote attackers to obtain administrative access and delete. Rated high severity (CVSS 7.7), this vulnerability is low attack complexity. No vendor patch available.

HP Authentication Bypass Storeonce D2D
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible. Rated medium severity (CVSS 4.6), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service HP Smart Zero Core
NVD
EPSS 0% CVSS 6.0
MEDIUM This Month

HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to bypass intended access restrictions and modify data via unspecified vectors, aka the. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation HP Nonstop Sql Mx
NVD
EPSS 0% CVSS 3.5
LOW Monitor

HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure HP Nonstop Sql Mx
NVD
EPSS 22% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 22.2% and no vendor patch available.

HP RCE Integrated Lights Out 3 Firmware +1
NVD
EPSS 46% 4.7 CVSS 9.0
CRITICAL POC THREAT Emergency

ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 46.3%.

PHP Command Injection HP +1
NVD Exploit-DB
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to inject arbitrary web script or HTML via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Service Manager +1
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter 6.2.8, allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager +1
NVD
EPSS 25% CVSS 5.0
MEDIUM POC THREAT This Month

hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 25.0%.

PHP Information Disclosure HP +1
NVD Exploit-DB
EPSS 23% CVSS 7.8
HIGH POC THREAT Act Now

Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 23.0%.

PHP Path Traversal HP +1
NVD Exploit-DB
EPSS 1% CVSS 10.0
CRITICAL Act Now

HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection HP Insight Diagnostics
NVD
EPSS 0% CVSS 2.1
LOW Monitor

The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Linux HP Information Disclosure +2
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 39% CVSS 10.0
CRITICAL Emergency

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.7% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 82% 6.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 82.2%.

HP RCE Storage Data Protector
NVD Exploit-DB
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 21% CVSS 10.0
CRITICAL Act Now

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 20.8% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 38% CVSS 10.0
CRITICAL Emergency

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 38.3% and no vendor patch available.

HP RCE Storage Data Protector
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Service Manager Web Tier
NVD
EPSS 1% CVSS 5.0
MEDIUM This Month

HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote attackers to obtain sensitive information via unspecified vectors. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure HP Service Manager Web Tier
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal HP Color Laserjet 3000 +36
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in HP Managed Printing Administration (MPA) before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

HP XSS Managed Printing Administration
NVD
EPSS 0% CVSS 7.2
HIGH This Week

Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure HP Storage Data Protector
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.29, 8.0 before 8.0.0.6, and 8.5 before 8.5.0.2 on Linux, Solaris, and HP-UX, when a Local OS registry is used, does not. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

IBM HP Authentication Bypass +1
NVD
EPSS 0% CVSS 7.2
HIGH This Week

HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not enable the Secure Boot feature, which allows local users to bypass intended BIOS restrictions and boot unintended operating. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation HP Elitepad
NVD
Prev Page 6 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy